cPanel
cPanel/WHM Initial Installation Errors
*
/var/log/cpanel*install* These log files contain verbose logs of the cPanel installation, and should be the first point of reference for any issues which might occur out of the box with new cPanel installations
cPanel/WHM Requests and Errors:
*
/usr/local/cpanel/logs/error_log cPanel logs any error it incurs here. This should always be the first place you look when you encounter errors or strange behavior in cPanel/WHM.
*
/usr/local/cpanel/logs/license_log All license update attempts are logged here. If you run into any license errors when logging in, check here.
*
/usr/local/cpanel/logs/stats_log The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.
*
/usr/local/cpanel/logs/access_log General information pertaining to cPanel requests is logged here (Client Information, Request URI)
cPanel/WHM Update Logs:
*
/var/cpanel/updatelogs/update-[TIMESTAMP].log Contains all output from each upcp. Named with the timestamp from which the upcp process was executed.
Service Status Logs:
*
/var/log/chkservd.log The service monitoring daemon (chkservd) logs all service checks here. Failed services are represented with a [-], and active are represented with [+].
Apache
General Error and Auditing Logs:
*
/usr/local/apache/logs/error_log All exceptions caught by httpd, along with standard error output from CGI applications are logged here. The first place you should look when httpd crashes, or you incur errors when accessing a website.
*
/usr/local/apache/logs/suexec_log Contains auditing information reported by suexec each time a CGI application is executed. If you receive an internal server error, with no relevant information being reported to the Apache error_log, check here for potential suexec policy violations.
Domain Access Logs:
*
/usr/local/apache/domlogs/domain.com The general access log for each domain configured with cPanel.
Exim
Message Reception and Delivery:
*
/var/log/exim_mainlog ( Linux ), /var/log/exim/mainlog (FreeBSD) Receives an entry every time a message is received or delivered
Rejections based on ACLs/Policies:
*
/var/log/exim_rejectlog ( Linux ), /var/log/exim/rejectlog (FreeBSD) Receives an entry every time a message is rejected based on either ACLs or other policies (for example, aliases configured to :fail
Unexpected or Fatal Errors:
*
/var/log/exim_paniclog ( Linux ), /var/log/exim/paniclog (FreeBSD) Receives all entries exim doesnt know how to handle. Its generally a really bad thing when log entries are being written here, and they should be thoroughly investigated.
IMAP/POP/SpamAssassin
General Logging and Errors:
*
/var/log/maillog
*
/var/log/messages
The IMAP, POP, and SpamAssassin services all log here. This includes all general logging information (login attempts, transactions, spam scoring), along with fatal errors.
FTP
Logins and General Errors:
*
/var/log/messages General information and login attempts are logged here.
FTP Transactions:
*
/var/log/xferlog Is a symbolic link in most cases to /usr/local/apache/domlogs/ftpxferlog, which contains a history of the transactions made by FTP users.
MySQL
General Information and Errors:
*
/var/lib/mysql/$(hostname).err This path could vary, but is generally located in /var/lib/mysql. Could also be located at /var/log/mysqld.log
